Digital goods are often distributed to consumers over private and public networks—such as Intranets and the Internet. In addition, these goods are distributed to consumers via fixed computer readable media, such as a compact disc (CD-ROM), digital versatile disc (DVD), soft magnetic diskette, or hard magnetic disk (e.g., a preloaded hard drive).
Unfortunately, it is relatively easy for a person to pirate the pristine digital content of a digital good at the expense and harm of the content owners—which includes the content author, publisher, developer, distributor, etc. The content-based industries (e.g., entertainment, music, film, etc.) that produce and distribute content are plagued by lost revenues due to digital piracy.
Modern digital pirates effectively rob content owners of their lawful compensation. Unless technology provides a mechanism to protect the rights of content owners, the creative community and culture will be impoverished.
“Digital goods” is a generic label for electronically stored or transmitted content. Examples of digital goods include images, audio clips, video, multimedia, software, and data. Digital goods may also be called a “digital signal,” “content signal,” “digital bitstream,” “media signal,” “digital object,” “object,” and the like.
Watermarking
Watermarking is one of the most promising techniques for protecting the content owner's rights of a digital good. Generally, watermarking is a process of altering the digital good such that its perceptual characteristics are preserved. More specifically, a “watermark” is a pattern of bits inserted into a digital good that may be used to identify the content owners and/or the protected rights.
Generally, watermarks are designed to be invisible or, more precisely, to be imperceptible to humans and statistical analysis tools.
A watermark embedder (i.e., encoder) is used to embed a watermark into a digital good. A watermark detector is used to detect (or extract) the watermark in the watermarked digital good. Watermark detection is often performed in real-time even on small devices.
Conventional Watermarking Technology
Conventional technologies for watermarking media signals rely on the imperfections of human perceptions (e.g., the human auditory system (HAS) or the human visual system (HVS)). For example, in the realm of audio signals, several conventional secret hiding techniques explore the fact that the HAS is insensitive to small amplitude changes—either in the time or frequency domains—as well as insertion of low-amplitude time-domain echoes.
The watermark can be regarded as an additive signal w, which contains the encoded and modulated watermark message b under constraints on the introduced perceptible distortions given by a mask M so that:y=x+w(M).
Commonly-used conventional watermark embedding techniques can be classified into spread-spectrum (SS) (which is often implemented using additive or multiplicative techniques) and quantization-based (e.g., quantization index modulation (QIM)) schemes.
Those of ordinary skill in the art are familiar with conventional techniques and technology associated with watermarks, watermark embedding, and watermark detecting.
Robustness
In most watermarking applications, the marked goods are likely to be processed in some way before it reaches the watermark receiver. The processing could be lossy compression, signal enhancement, or digital-to-analog (D/A) and analog-to-digital (A/D) conversion. An embedded watermark may unintentionally or inadvertently be impaired by such processing. Other types of processing may be applied with the explicit goal of hindering watermark reception. This is an attack on the watermark (or the watermarked good) by a so-called adversary.
In watermarking terminology, an attack may be thought of as any processing that may impair detection of the watermark or communication of the information conveyed by the watermark or intends to do so. The processed watermarked goods may be then called attacked goods.
Of course, key aspect of a watermarking technology is its robustness against attacks. The notion of robustness is intuitively clear to those of ordinary skill in the art: A watermark is robust if it cannot be impaired without also rendering the attacked goods less useful.
Watermark impairment can be measured by several criteria, for example: miss probability, probability of bit error, or channel capacity. For multimedia, the usefulness of the attacked data can be gauged by considering its perceptual quality or distortion. Hence, robustness may be evaluated by simultaneously considering watermark impairment and the distortion of the attacked good.
Estimation-based Attack
To accomplish an estimation-based attack, the adversary is able estimate—at least partially—the original good or the watermark from the watermarked good using some knowledge of the goods' statistics. An estimation-based attack does not need any knowledge of the secret key used for watermark embedding. Furthermore, knowledge of the embedding rule is not required; however, the attack may be more successful with it.
Depending on the final purpose of the attack, the adversary may obtain an estimate of the original good or of the watermark based on some stochastic criteria such as maximum likelihood (ML), maximum a posteriori probability (MAP), or minimum mean square error (MMSE). Depending on the way the estimate is used, these attacks may be classified as one of various forms of attacks, such as a removal attack, a protocol attack, or a desynchronization attack.
Framework to Thwart Estimation-based Attacks
Accordingly, it is a challenge to create a framework to thwart estimation-based attacks. It is desirable for such a framework to increase watermark robustness with respect to estimation-based attacks. Furthermore, it desirable for such a framework to do so when the adversary knows all the details how the watermark is embedded except the hidden secret.